Cookies validation and Security Guidelines (#242)
* Add OTP and security guidelines documentation and additional checks on client-provided values - Introduced additional checks on client-provided values such as cookies - Introduced a new OTP API documentation outlining the creation and verification of OTP tokens for sensitive operations. - Added comprehensive security guidelines for writing secure code in Next.js, covering client and server components, environment variables, authentication, and error handling. These additions enhance the project's security posture and provide clear instructions for developers on implementing secure practices. * Add OTP API documentation and enhance security guidelines - Introduced comprehensive documentation for the OTP API, detailing the creation and verification of OTP tokens for sensitive operations. - Enhanced security guidelines for Next.js, emphasizing the importance of input validation, environment variable management, and error handling. - Implemented additional checks for client-provided values to improve overall security posture. These updates provide clear instructions for developers and strengthen the project's security framework.
This commit is contained in:
Giancarlo Buomprisco
committed by
GitHub
GitHub
parent
1327a8efb7
commit
e193c94f06
@@ -1,6 +1,28 @@
|
||||
import { cookies } from 'next/headers';
|
||||
|
||||
type Theme = 'light' | 'dark' | 'system';
|
||||
import { z } from 'zod';
|
||||
|
||||
/**
|
||||
* @name Theme
|
||||
* @description The theme mode enum.
|
||||
*/
|
||||
const Theme = z.enum(['light', 'dark', 'system'], {
|
||||
description: 'The theme mode',
|
||||
});
|
||||
|
||||
/**
|
||||
* @name appDefaultThemeMode
|
||||
* @description The default theme mode set by the application.
|
||||
*/
|
||||
const appDefaultThemeMode = Theme.safeParse(
|
||||
process.env.NEXT_PUBLIC_DEFAULT_THEME_MODE,
|
||||
);
|
||||
|
||||
/**
|
||||
* @name fallbackThemeMode
|
||||
* @description The fallback theme mode if none of the other options are available.
|
||||
*/
|
||||
const fallbackThemeMode = `light`;
|
||||
|
||||
/**
|
||||
* @name getRootTheme
|
||||
@@ -9,8 +31,19 @@ type Theme = 'light' | 'dark' | 'system';
|
||||
*/
|
||||
export async function getRootTheme() {
|
||||
const cookiesStore = await cookies();
|
||||
const themeCookieValue = cookiesStore.get('theme')?.value;
|
||||
const theme = Theme.safeParse(themeCookieValue);
|
||||
|
||||
const themeCookie = cookiesStore.get('theme')?.value as Theme;
|
||||
// pass the theme from the cookie if it exists
|
||||
if (theme.success) {
|
||||
return theme.data;
|
||||
}
|
||||
|
||||
return themeCookie ?? process.env.NEXT_PUBLIC_DEFAULT_THEME_MODE ?? 'light';
|
||||
// pass the default theme from the environment variable if it exists
|
||||
if (appDefaultThemeMode.success) {
|
||||
return appDefaultThemeMode.data;
|
||||
}
|
||||
|
||||
// in all other cases, fallback to the default theme
|
||||
return fallbackThemeMode;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user